diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml new file mode 100644 index 0000000000..f74132beb7 --- /dev/null +++ b/.github/workflows/test.yml @@ -0,0 +1,26 @@ +name: VPC CNI Release + +on: [push, pull_request, workflow_dispatch] + +env: + DEFAULT_GO_VERSION: ^1.15 + GITHUB_TOKEN: ${{ secrets.JAY_GIT_TOKEN }} + GITHUB_USERNAME: ${{ secrets.JAY_GITHUB_USERNAME }} + +jobs: + + release: + name: Release + runs-on: ubuntu-20.04 + if: github.event_name == 'push' && contains(github.ref, 'refs/tags/') + steps: + - name: Set up Go 1.x + uses: actions/setup-go@v2 + with: + go-version: ${{ env.DEFAULT_GO_VERSION }} + + - name: Check out code into the Go module directory + uses: actions/checkout@v2 + + - name: Attach release artifacts + run: make release diff --git a/charts/aws-vpc-cni/values.yaml b/charts/aws-vpc-cni/values.yaml index 95ef9c6aa0..a8599d6102 100644 --- a/charts/aws-vpc-cni/values.yaml +++ b/charts/aws-vpc-cni/values.yaml @@ -8,7 +8,7 @@ nameOverride: aws-node init: image: - tag: v1.10.0 + tag: v1.10.26 region: us-west-2 account: "602401143452" pullPolicy: Always @@ -23,7 +23,7 @@ init: image: region: us-west-2 - tag: v1.10.0 + tag: v1.10.26 account: "602401143452" domain: "amazonaws.com" pullPolicy: Always diff --git a/charts/cni-metrics-helper/values.yaml b/charts/cni-metrics-helper/values.yaml index 33764fbe9f..3c8b5e65b7 100644 --- a/charts/cni-metrics-helper/values.yaml +++ b/charts/cni-metrics-helper/values.yaml @@ -4,7 +4,7 @@ nameOverride: cni-metrics-helper image: region: us-west-2 - tag: v1.10.0 + tag: v1.10.26 account: "602401143452" domain: "amazonaws.com" # Set to use custom image diff --git a/config/master/aws-k8s-cni-cn.yaml b/config/master/aws-k8s-cni-cn.yaml index 9d0fe6ca89..b4c47a94cf 100644 --- a/config/master/aws-k8s-cni-cn.yaml +++ b/config/master/aws-k8s-cni-cn.yaml 
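Review bot: The workflow-level `env:` block in the new `.github/workflows/test.yml` exposes `secrets.JAY_GIT_TOKEN` (as `GITHUB_TOKEN`) and `secrets.JAY_GITHUB_USERNAME` to every step, including `actions/setup-go@v2` and `actions/checkout@v2`, although only `make release` needs them. Move both into an `env:` map on the "Attach release artifacts" step, and add a top-level `permissions:` block such as `permissions: { contents: read }` so the automatic token is not left at its default scope. Both actions are referenced by a mutable tag; pinning each to a full commit SHA keeps a retagged release from running in a job that holds a personal access token. `contains(github.ref, 'refs/tags/')` also matches a branch whose name contains that text, so `startsWith(github.ref, 'refs/tags/')` is the tighter condition.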
@@ -121,7 +121,7 @@ spec: hostNetwork: true initContainers: - name: aws-vpc-cni-init - image: "961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon-k8s-cni-init:v1.10.0" + image: "961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon-k8s-cni-init:v1.20.4" env: - name: DISABLE_TCP_EARLY_DEMUX value: "false" @@ -139,7 +139,7 @@ spec: {} containers: - name: aws-node - image: "961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon-k8s-cni:v1.10.0" + image: "961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon-k8s-cni:v1.20.4" ports: - containerPort: 61678 name: metrics diff --git a/config/master/aws-k8s-cni-us-gov-east-1.yaml b/config/master/aws-k8s-cni-us-gov-east-1.yaml index 7054b0d87f..6a2e7926fb 100644 --- a/config/master/aws-k8s-cni-us-gov-east-1.yaml +++ b/config/master/aws-k8s-cni-us-gov-east-1.yaml @@ -121,7 +121,7 @@ spec: hostNetwork: true initContainers: - name: aws-vpc-cni-init - image: "151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon-k8s-cni-init:v1.10.0" + image: "151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon-k8s-cni-init:v1.20.4" env: - name: DISABLE_TCP_EARLY_DEMUX value: "false" @@ -139,7 +139,7 @@ spec: {} containers: - name: aws-node - image: "151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon-k8s-cni:v1.10.0" + image: "151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon-k8s-cni:v1.20.4" ports: - containerPort: 61678 name: metrics diff --git a/config/master/aws-k8s-cni-us-gov-west-1.yaml b/config/master/aws-k8s-cni-us-gov-west-1.yaml index 850f9b8687..a35e828743 100644 --- a/config/master/aws-k8s-cni-us-gov-west-1.yaml +++ b/config/master/aws-k8s-cni-us-gov-west-1.yaml @@ -121,7 +121,7 @@ spec: hostNetwork: true initContainers: - name: aws-vpc-cni-init - image: "013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon-k8s-cni-init:v1.10.0" + image: "013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon-k8s-cni-init:v1.20.4" env: - name: DISABLE_TCP_EARLY_DEMUX value: "false" 
@@ -139,7 +139,7 @@ spec: {} containers: - name: aws-node - image: "013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon-k8s-cni:v1.10.0" + image: "013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon-k8s-cni:v1.20.4" ports: - containerPort: 61678 name: metrics diff --git a/config/master/aws-k8s-cni.yaml b/config/master/aws-k8s-cni.yaml index 95ea6d532f..60b584e2c2 100644 --- a/config/master/aws-k8s-cni.yaml +++ b/config/master/aws-k8s-cni.yaml @@ -121,7 +121,7 @@ spec: hostNetwork: true initContainers: - name: aws-vpc-cni-init - image: "602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni-init:v1.10.0" + image: "602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni-init:v1.20.4" env: - name: DISABLE_TCP_EARLY_DEMUX value: "false" @@ -139,7 +139,7 @@ spec: {} containers: - name: aws-node - image: "602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.10.0" + image: "602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.20.4" ports: - containerPort: 61678 name: metrics diff --git a/config/master/calico-operator.yaml b/config/master/calico-operator.yaml index e260043003..08fd7e9675 100644 --- a/config/master/calico-operator.yaml +++ b/config/master/calico-operator.yaml @@ -4903,20 +4903,6 @@ spec: max: 65535 readOnlyRootFilesystem: false --- -# Source: aws-calico/templates/tigera-operator/02-rolebinding-tigera-operator.yaml -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: tigera-operator -subjects: -- kind: ServiceAccount - name: tigera-operator - namespace: tigera-operator -roleRef: - kind: ClusterRole - name: tigera-operator - apiGroup: rbac.authorization.k8s.io ---- # Source: aws-calico/templates/tigera-operator/02-role-tigera-operator.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole 
@@ -4942,6 +4928,14 @@ rules: - update - delete - watch + # EndpointSlices are used for Service-based network policy rule + # enforcement. + - apiGroups: ["discovery.k8s.io"] + resources: + - endpointslices + verbs: + - watch + - list - apiGroups: - "" resources: @@ -5111,6 +5105,20 @@ rules: verbs: - list --- +# Source: aws-calico/templates/tigera-operator/02-rolebinding-tigera-operator.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: tigera-operator +subjects: +- kind: ServiceAccount + name: tigera-operator + namespace: tigera-operator +roleRef: + kind: ClusterRole + name: tigera-operator + apiGroup: rbac.authorization.k8s.io +--- # Source: aws-calico/templates/tigera-operator/02-serviceaccount-tigera-operator.yaml apiVersion: v1 kind: ServiceAccount diff --git a/config/master/cni-metrics-helper-cn.yaml b/config/master/cni-metrics-helper-cn.yaml index 86ef3ee8b0..2406e9e863 100644 --- a/config/master/cni-metrics-helper-cn.yaml +++ b/config/master/cni-metrics-helper-cn.yaml @@ -90,5 +90,5 @@ spec: - name: USE_CLOUDWATCH value: "true" name: cni-metrics-helper - image: "961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/cni-metrics-helper:v1.10.0" + image: "961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/cni-metrics-helper:v1.20.4" serviceAccountName: cni-metrics-helper diff --git a/config/master/cni-metrics-helper-us-gov-east-1.yaml b/config/master/cni-metrics-helper-us-gov-east-1.yaml index 16412e7fd1..45abe628b5 100644 --- a/config/master/cni-metrics-helper-us-gov-east-1.yaml +++ b/config/master/cni-metrics-helper-us-gov-east-1.yaml @@ -90,5 +90,5 @@ spec: - name: USE_CLOUDWATCH value: "true" name: cni-metrics-helper - image: "151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/cni-metrics-helper:v1.10.0" + image: "151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/cni-metrics-helper:v1.20.4" serviceAccountName: cni-metrics-helper 
diff --git a/config/master/cni-metrics-helper-us-gov-west-1.yaml b/config/master/cni-metrics-helper-us-gov-west-1.yaml index 0c6b6a2aae..ebe18b08a5 100644 --- a/config/master/cni-metrics-helper-us-gov-west-1.yaml +++ b/config/master/cni-metrics-helper-us-gov-west-1.yaml @@ -90,5 +90,5 @@ spec: - name: USE_CLOUDWATCH value: "true" name: cni-metrics-helper - image: "013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/cni-metrics-helper:v1.10.0" + image: "013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/cni-metrics-helper:v1.20.4" serviceAccountName: cni-metrics-helper diff --git a/config/master/cni-metrics-helper.yaml b/config/master/cni-metrics-helper.yaml index 0e2381ffb3..b3b1f42958 100644 --- a/config/master/cni-metrics-helper.yaml +++ b/config/master/cni-metrics-helper.yaml @@ -90,5 +90,5 @@ spec: - name: USE_CLOUDWATCH value: "true" name: cni-metrics-helper - image: "602401143452.dkr.ecr.us-west-2.amazonaws.com/cni-metrics-helper:v1.10.0" + image: "602401143452.dkr.ecr.us-west-2.amazonaws.com/cni-metrics-helper:v1.20.4" serviceAccountName: cni-metrics-helper diff --git a/scripts/generate-cni-yaml.sh b/scripts/generate-cni-yaml.sh index 0a0ed4b61f..9e6c882841 100755 --- a/scripts/generate-cni-yaml.sh +++ b/scripts/generate-cni-yaml.sh @@ -75,6 +75,8 @@ jq -c '.[]' $REGIONS_FILE | while read i; do --set init.image.region=$ecrRegion,\ --set init.image.account=$ecrAccount,\ --set init.image.domain=$ecrDomain,\ + --set init.image.tag=$VERSION,\ + --set image.tag=$VERSION,\ --set image.region=$ecrRegion,\ --set image.account=$ecrAccount,\ --set image.domain=$ecrDomain \ 
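Review bot: With `--set init.image.tag=$VERSION` and `--set image.tag=$VERSION` in `scripts/generate-cni-yaml.sh`, the image tag in every generated manifest now comes from the build environment instead of the chart. This diff shows the two already disagree: the charts' `values.yaml` files say `v1.10.26` while the regenerated `config/master` manifests carry `v1.20.4`. `VERSION` is assigned outside this hunk, so whether it is validated is not visible; I would fail early when it is empty or not a release tag, e.g. `[[ "$VERSION" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]] || exit 1`, and quote the expansion. The same applies to the `--set image.tag=$VERSION,\` line added in the cni-metrics-helper hunk that follows, which is also placed after the line that ends the comma-separated list and would read better above `image.region`.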
@@ -87,6 +89,7 @@ jq -c '.[]' $REGIONS_FILE | while read i; do --set image.region=$ecrRegion,\ --set image.account=$ecrAccount,\ --set image.domain=$ecrDomain \ + --set image.tag=$VERSION,\ --namespace $NAMESPACE \ $SCRIPTPATH/../charts/cni-metrics-helper > $NEW_METRICS_RESOURCES_YAML cat $NEW_METRICS_RESOURCES_YAML | grep -v 'helm.sh\|app.kubernetes.io/managed-by: Helm' > $BUILD_DIR/helm_annotations_removed.yaml diff --git a/scripts/upload-resources-to-github.sh b/scripts/upload-resources-to-github.sh index 7aeaa54ee6..776fb46f50 100755 --- a/scripts/upload-resources-to-github.sh +++ b/scripts/upload-resources-to-github.sh @@ -7,6 +7,7 @@ SCRIPTPATH="$( cd "$(dirname "$0")" ; pwd -P )" VERSION=$(make -s -f $SCRIPTPATH/../Makefile version) BUILD_DIR=$SCRIPTPATH/../build/cni-rel-yamls/$VERSION BINARY_DIR=$SCRIPTPATH/../build/bin + CNI_TAR_RESOURCES_FILE=$BUILD_DIR/cni_individual-resources.tar METRICS_TAR_RESOURCES_FILE=$BUILD_DIR/cni_metrics_individual-resources.tar CALICO_TAR_RESOURCES_FILE=$BUILD_DIR/calico_individual-resources.tar @@ -18,6 +19,17 @@ CALICO_CRS_RESOURCES_YAML=$BUILD_DIR/calico-crs.yaml REGIONS_FILE=$SCRIPTPATH/../charts/regions.json BINARIES_ONLY="false" +PR_ID=$(uuidgen | cut -d '-' -f1) +BINARY_BASE="aws-vpc-cni-k8s" + +REPO="jayanthvn/amazon-vpc-cni-k8s" +GH_CLI_VERSION="0.10.1" +GH_CLI_CONFIG_PATH="${HOME}/.config/gh/config.yml" +KERNEL=$(uname -s | tr '[:upper:]' '[:lower:]') +OS="${KERNEL}" +if [[ "${KERNEL}" == "darwin" ]]; then + OS="macOS" +fi USAGE=$(cat << 'EOM' Usage: upload-resources-to-github [-b] @@ -43,7 +55,7 @@ while getopts "b" opt; do done RELEASE_ID=$(curl -s -H "Authorization: token $GITHUB_TOKEN" \ - https://api.github.com/repos/aws/amazon-vpc-cni-k8s/releases | \ + https://api.github.com/repos/jayanthvn/amazon-vpc-cni-k8s/releases | \ jq --arg VERSION "$VERSION" '.[] | select(.tag_name==$VERSION) | .id') ASSET_IDS_UPLOADED=() 
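Review bot: The release lookup in `scripts/upload-resources-to-github.sh` now sends `$GITHUB_TOKEN` to a slug hard-coded as `jayanthvn/amazon-vpc-cni-k8s`, even though the preceding hunk introduces `REPO` with that same value. Build the URL from the variable, `"https://api.github.com/repos/${REPO}/releases"`, so the target of the authenticated calls is set in one place; the asset-delete and asset-upload URLs in the next two hunks and `gh repo clone` further down repeat the literal. `RELEASE_ID` is used later without a visible check that the lookup returned an id, so a missing release for `$VERSION` would only surface in the upload URL. `GH_CLI_CONFIG_PATH` is not referenced in any hunk shown here and looks removable.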
@@ -60,7 +72,7 @@ handle_errors_and_cleanup() { echo "Deleting asset $asset_id" curl -X DELETE \ -H "Authorization: token $GITHUB_TOKEN" \ - "https://api.github.com/repos/aws/amazon-vpc-cni-k8s/releases/assets/$asset_id" + "https://api.github.com/repos/jayanthvn/amazon-vpc-cni-k8s/releases/assets/$asset_id" done exit $1 fi @@ -72,7 +84,7 @@ upload_asset() { -H "Authorization: token $GITHUB_TOKEN" \ -H "Content-Type: $(file -b --mime-type $1)" \ --data-binary @$1 \ - "https://uploads.github.com/repos/aws/amazon-vpc-cni-k8s/releases/$RELEASE_ID/assets?name=$(basename $1)") + "https://uploads.github.com/repos/jayanthvn/amazon-vpc-cni-k8s/releases/$RELEASE_ID/assets?name=$(basename $1)") response_code=$(echo $resp | sed 's/\(.*\)}//') response_content=$(echo $resp | sed "s/$response_code//") @@ -81,7 +93,7 @@ upload_asset() { if [[ $response_code -eq 201 ]]; then asset_id=$(echo $response_content | jq '.id') ASSET_IDS_UPLOADED+=("$asset_id") - echo "Created asset ID $asset_id successfully" + echo "✅ Created asset ID $asset_id successfully" else echo -e "❌ Upload failed with response code $response_code and message \n$response_content ❌" exit 1 @@ -89,6 +101,7 @@ upload_asset() { } RESOURCES_TO_UPLOAD=("$CALICO_OPERATOR_RESOURCES_YAML" "$CALICO_CRS_RESOURCES_YAML" "$CNI_TAR_RESOURCES_FILE" "$METRICS_TAR_RESOURCES_FILE" "$CALICO_TAR_RESOURCES_FILE") +RESOURCES_TO_COPY=("$CALICO_OPERATOR_RESOURCES_YAML" "$CALICO_CRS_RESOURCES_YAML") COUNT=1 echo -e "\nUploading release assets for release id '$RELEASE_ID' to Github" @@ -98,7 +111,7 @@ for asset in ${RESOURCES_TO_UPLOAD[@]}; do upload_asset $asset done -jq -c '.[]' $REGIONS_FILE | while read i; do +while read i; do ecrRegion=`echo $i | jq '.ecrRegion' -r` ecrAccount=`echo $i | jq '.ecrAccount' -r` ecrDomain=`echo $i | jq '.ecrDomain' -r` 
@@ -114,7 +127,7 @@ jq -c '.[]' $REGIONS_FILE | while read i; do NEW_METRICS_RESOURCES_YAML="${METRICS_RESOURCES_YAML}-${ecrRegion}.yaml" fi RESOURCES_TO_UPLOAD=("$NEW_CNI_RESOURCES_YAML" "$NEW_METRICS_RESOURCES_YAML") - + RESOURCES_TO_COPY=(${RESOURCES_TO_COPY[@]} "$NEW_CNI_RESOURCES_YAML" "$NEW_METRICS_RESOURCES_YAML") COUNT=1 echo -e "\nUploading release assets for release id '$RELEASE_ID' to Github" for asset in ${RESOURCES_TO_UPLOAD[@]}; do 
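Review bot: `RESOURCES_TO_COPY=(${RESOURCES_TO_COPY[@]} …)` re-expands the existing elements unquoted, so any path containing whitespace or a glob character is split or expanded again on every loop iteration. Append instead: `RESOURCES_TO_COPY+=("$NEW_CNI_RESOURCES_YAML" "$NEW_METRICS_RESOURCES_YAML")`. The paths derive from `$SCRIPTPATH`, which depends on where the repository is checked out. The enclosing loop starts and ends outside this hunk.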
@@ -122,4 +135,83 @@ jq -c '.[]' $REGIONS_FILE | while read i; do echo -e "\n $((COUNT++)). $name" upload_asset $asset done -done +done < <(jq -c '.[]' $REGIONS_FILE) + +echo "✅ Attach artifacts to release page done" + +echo $REPO + +if [[ -z $(command -v gh) ]] || [[ ! $(gh --version) =~ $GH_CLI_VERSION ]]; then + mkdir -p "${BUILD_DIR}"/gh + curl -Lo "${BUILD_DIR}"/gh/gh.tar.gz "https://github.com/cli/cli/releases/download/v${GH_CLI_VERSION}/gh_${GH_CLI_VERSION}_${OS}_amd64.tar.gz" + tar -C "${BUILD_DIR}"/gh -xvf "${BUILD_DIR}/gh/gh.tar.gz" + export PATH="${BUILD_DIR}/gh/gh_${GH_CLI_VERSION}_${OS}_amd64/bin:$PATH" + if [[ ! $(gh --version) =~ $GH_CLI_VERSION ]]; then + echo "❌ Failed install of github cli" + exit 4 + fi +fi + +function fail() { + echo "❌ Create PR failed" + exit 5 +} + +# $1: branch name +function create_pr(){ + CLONE_DIR="${BUILD_DIR}/config-sync" + SYNC_DIR="$CLONE_DIR$1" + echo $SYNC_DIR + rm -rf "${SYNC_DIR}" + mkdir -p "${SYNC_DIR}" + + cd "${SYNC_DIR}" + gh repo clone jayanthvn/amazon-vpc-cni-k8s + CONFIG_DIR=amazon-vpc-cni-k8s/config/master + cd $CONFIG_DIR + REPO_NAME=$(echo ${REPO} | cut -d'/' -f2) + git remote set-url origin https://"${GITHUB_USERNAME}":"${GITHUB_TOKEN}"@github.com/"${GITHUB_USERNAME}"/"${REPO_NAME}".git + + DEFAULT_BRANCH=$(git rev-parse --abbrev-ref HEAD | tr -d '\n') + git config user.name "jayanthvn" + git config user.email "jayanthvn@users.noreply.github.com" + + FORK_RELEASE_BRANCH="${BINARY_BASE}-${VERSION}-${PR_ID}" + git checkout -b "${FORK_RELEASE_BRANCH}" origin/$1 + + COUNT=1 + for asset in ${RESOURCES_TO_COPY[@]}; do + name=$(echo $asset | tr '/' '\n' | tail -1) + echo -e "\n $((COUNT++)). $name" + cp "$asset" . + done + + git add --all + git commit -m "${BINARY_BASE}: ${VERSION}" + +PR_BODY=$(cat << EOM +## ${BINARY_BASE} ${VERSION} Automated manifest folder Sync! 🤖🤖 + +### Description 📝 + +Updating all the generated release artifacts in master/config for $1 branch. 
+
+EOM
+)
+
+ git push -u origin "${FORK_RELEASE_BRANCH}"
+ gh pr create --title "🥳 ${BINARY_BASE} ${VERSION} Automated manifest sync! 🥑" \
+ --body "${PR_BODY}" --repo ${REPO}
+
+ echo "✅ Manifest folder PR created for $1"
+}
+
+DEFAULT_BRANCH=master
+create_pr $DEFAULT_BRANCH
+
+# RELEASE_BRANCH=$(git branch -a --contains $VERSION | grep "upstream" | cut -d '/' -f3)
+# echo "JAY $RELEASE_BRANCH"
+# create_pr $RELEASE_BRANCH
+
+echo "✅ Manifest folder PRs created for master and release branches"
+
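Review bot: The `gh` archive is downloaded with `curl -L`, put first on `PATH` and run without any integrity check, in a job that has `GITHUB_TOKEN` in its environment; pin a digest for the archive and verify it before `tar`. In `create_pr`, `git remote set-url` writes the username and token into the remote URL, which leaves the token in `.git/config` under `${BUILD_DIR}` and lets git include it in error output. A credential helper that reads the environment at push time avoids both. `fail()` is defined but never called, so a failed `cd`, `git` or `gh` step still ends with the ✅ messages, and the last `echo` reports release-branch PRs although that call is commented out.

```shell
# … unchanged: gh presence/version test and mkdir -p "${BUILD_DIR}"/gh …
  curl -fsSLo "${BUILD_DIR}/gh/gh.tar.gz" "https://github.com/cli/cli/releases/download/v${GH_CLI_VERSION}/gh_${GH_CLI_VERSION}_${OS}_amd64.tar.gz"
  # GH_CLI_SHA256 is a placeholder: pin the digest published for this exact archive.
  echo "${GH_CLI_SHA256}  ${BUILD_DIR}/gh/gh.tar.gz" | shasum -a 256 -c - || { echo "❌ gh archive checksum mismatch"; exit 4; }
  tar -C "${BUILD_DIR}/gh" -xf "${BUILD_DIR}/gh/gh.tar.gz"
# … unchanged: PATH export and version re-check …

# inside create_pr
  cd "${SYNC_DIR}" || fail
  gh repo clone "${REPO}" || fail
  cd amazon-vpc-cni-k8s/config/master || fail
  REPO_NAME=$(echo ${REPO} | cut -d'/' -f2)
  git remote set-url origin "https://github.com/${GITHUB_USERNAME}/${REPO_NAME}.git"
  # The helper reads the credentials from the environment when git asks for them,
  # so .git/config stores only the variable names, never the token.
  git config credential.helper '!f() { echo "username=${GITHUB_USERNAME}"; echo "password=${GITHUB_TOKEN}"; }; f'
# … unchanged: user.name/user.email, branch checkout, asset copy, commit, PR_BODY …
  git push -u origin "${FORK_RELEASE_BRANCH}" || fail
```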